code-423n4 / 2022-05-factorydao-findings


Missing zero address check in constructor leading to loss of Tax #252

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/PermissionlessBasicPoolFactory.sol#L75-L78

Vulnerability details

Impact

Due to a missing zero address check of _globalBeneficiary in the constructor on #L75 of PermissionlessBasicPoolFactory.sol, it could lead to a loss of taxPerCapita for the Pool creator when withdrawTaxes() is called.

That is, if the contract creator mistakenly sets _globalBeneficiary as the zero address, then anytime withdrawTaxes() is called, it will send the accumulated taxPerCapita to the zero address, leading to loss of revenue for the Pool creator.

Proof of Concept

https://github.com/code-423n4/2022-05-factorydao/blob/main/contracts/PermissionlessBasicPoolFactory.sol#L75-L78

Tools Used

Manual review

Recommended Mitigation Steps

Consider adding a zero address check in the PermissionlessBasicPoolFactory.sol constructor.
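
The recommended constructor check, shown as an added example that is not part of the original report or the FactoryDAO code base. It is a hypothetical minimal contract: `TaxCollectorExample`, `accrueTax`, `taxesAccrued`, `ZeroAddressBeneficiary` and the token interface are assumed names, and only `_globalBeneficiary` and `withdrawTaxes()` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Minimal ERC-20 surface needed by this example (hypothetical interface name).
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical stand-in for a factory that collects taxes for one beneficiary.
contract TaxCollectorExample {
    // Raised at deployment when the beneficiary is the zero address.
    error ZeroAddressBeneficiary();

    // Assumption: the beneficiary is set once, in the constructor, and never changed.
    address public immutable globalBeneficiary;

    // token => tax amount held by this contract and owed to the beneficiary
    mapping(address => uint256) public taxesAccrued;

    constructor(address _globalBeneficiary) {
        // The check the report recommends: fail the deployment instead of
        // storing a beneficiary that can never be corrected afterwards.
        if (_globalBeneficiary == address(0)) revert ZeroAddressBeneficiary();
        globalBeneficiary = _globalBeneficiary;
    }

    // Hypothetical accrual path: pull the tax from the caller and record it.
    function accrueTax(address token, uint256 amount) external {
        taxesAccrued[token] += amount;
        require(
            IERC20Minimal(token).transferFrom(msg.sender, address(this), amount),
            "transferFrom failed"
        );
    }

    // Sends everything accrued for `token` to the beneficiary fixed at deployment.
    function withdrawTaxes(address token) external {
        uint256 amount = taxesAccrued[token];
        taxesAccrued[token] = 0; // clear state before the external call
        require(
            IERC20Minimal(token).transfer(globalBeneficiary, amount),
            "transfer failed"
        );
    }
}
```

With the check in place, a deployment that passes `address(0)` reverts, so the misconfiguration surfaces before any tax is accrued.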

illuzen commented 2 years ago

Out of scope and duplicate #68